Tobias
11/10/2023, 3:00 PMcerbos.yaml
configuration:
...
engine:
defaultPolicyVersion: 'default'
globals:
some_variable: ${SOME_ENV_VARIABLE}
...
The custom_policy.yaml
looks like this:
apiVersion: api.cerbos.dev/v1
resourcePolicy:
version: 'default'
resource: some_resource
rules:
- actions: ['view']
effect: EFFECT_ALLOW
roles:
- user
condition:
match:
all:
of:
- expr: R.attr.some_field == true
- expr: P.attr.some_attr == false
- expr: G.some_variable == true
And the custom_policy_test.yaml
(in it's current state) looks like this:
name: CustomTests
description: Tests for custom policy.
principals:
someUser:
id: u1
roles:
- user
attr:
some_attr: false
resources:
someResource:
id: restricted-network-request
kind: some_resource
policyVersion: default
attr:
some_field: true
tests:
- name: Test custom policy
input:
principals:
- someUser
resources:
- someResource
actions:
- view
expected:
- principal: someUser
resource: someResource
actions:
view: EFFECT_ALLOW
The tests are executed with ./cerbos compile --tests=/path_to_tests /path_to_policies
with Version 0.30.0
Charith (Cerbos)
Tobias
11/10/2023, 3:36 PMEvan
11/28/2023, 12:51 PMCharith (Cerbos)
Evan
11/28/2023, 1:16 PMCharith (Cerbos)
globals
for test cases.Tobias
11/30/2023, 9:10 AM